Last updated: 2018-09-06
Contents
- Check version
- Set IP & Gateway & DNS
- Show & Save Config
- Management Port
- Express Setup mode
- LED
- Login
- Basic Config
- show mac-address-table
- Interface Status
- Configure speed & duplex
- Show current device utilization
- vlan
- Resetting the Switch
- Configure multiple ports in switches running IOS
- NTP
- Web UI
- spanning-tree
- Enable ssh
- Disable Telnet
Check version
> show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E7, RELEASE SOFTWARE (fc3)
...
ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(3r)E1, RELEASE SOFTWARE (fc1)

DBSW-1 uptime is 5 hours, 12 minutes
System returned to ROM by power-on
System restarted at 12:04:40 HKT Thu Sep 6 2018
System image file is "flash:/c2960x-universalk9-mz.152-2.E7/c2960x-universalk9-mz.152-2.E7.bin"
Last reload reason: Reload due to Express Setup
...
cisco WS-C2960X-24TS-LL (APM86XXX) processor (revision R0) with 262144K bytes of memory.
Processor board ID ?
Last reset from power-on
2 Virtual Ethernet interfaces
1 FastEthernet interface
26 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       :
Motherboard assembly number     :
Power supply part number        :
Motherboard serial number       :
Power supply serial number      :
Model revision number           :
Motherboard revision number     :
Model number                    :
Daughterboard assembly number   :
Daughterboard serial number     :
System serial number            :
Top Assembly Part Number        :
Top Assembly Revision Number    :
Version ID                      :
CLEI Code Number                :
Daughterboard revision number   :
Hardware Board Revision Number  :

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 26    WS-C2960X-24TS-LL  15.2(2)E7             C2960X-UNIVERSALK9-M

Configuration register is 0xF

* "The password-recovery mechanism is enabled" means anyone with physical access can wipe the configuration and passwords from the console or the Mode button (see "Resetting the Switch" below), so console and rack access is equivalent to full administrative access.
Set IP & Gateway & DNS
C2960X - Version 15.2(2)E7
# Assigning IP Addresses to SVIs (switch virtual interface)
interface vlan {vlan_id}
ip address {ip-address} {subnet-mask}
# Configure the default gateway (a Layer 2 switch with ip routing disabled uses ip default-gateway, not a static route)
ip default-gateway 192.168.8.1
# Show
show ip default-gateway
# Set DNS
DB-SW1(config)#ip name-server 8.8.8.8 8.8.4.4
Show & Save Config
Ctrl + Z
Returns straight to privileged EXEC mode (the "#" prompt) from any configuration submode.
show running-config shows all current settings at once;
when the output is longer than the terminal length (N lines) it pauses with
--More--
Checking
SW#show terminal | in Length
Length: 33 lines, Width: 80 columns
Disable paging (for the current session only)
SW# terminal length 0
Save config
# copy running-config startup-config
copy run start
Management Port
2960X
- RJ-45 Console Port
- Switch Ethernet Management Port
- Switch USB Mini-Type B Console Port
Express Setup mode
Info
When the switch is in Express Setup mode, open a Telnet session to the switch by entering the IP address 10.0.0.1.
During Express Setup, the switch acts as a DHCP server
Enter Express Setup
1. Press the Mode button
Press the Mode button when the SYST, MAST, and STAT LED turn green
Hold the Mode button until all the LEDs next to the Mode button turn green.
If the LEDs next to the Mode button blink when you press the button, release it.
Blinking LEDs indicate that the switch is already configured and cannot go into Express Setup mode.
2. Connect an Ethernet cable from your PC to one of the switch ports
3. Wait about 30 seconds; the PC obtains an IP address from the switch via DHCP, then Telnet (or browse) to 10.0.0.1
Default Password
username: (leave blank)
Password: cisco
* Change this default password, and disable Telnet (see "Disable Telnet" below), before the switch goes into service.
LED
SYST LED
During POST, the SYST (system) LED blinks green.
When POST is complete, the SYST LED turns solid green.
If the SYST LED does not turn solid green, or turns amber,
the switch failed the POST.
Blinking amber: System is in sleep mode.
STAT LED
Green: Link present.
Blinking green: Activity. Interface is sending or receiving data.
Amber: Port is blocked by Spanning Tree Protocol (STP) and is not forwarding data.
Blinking amber: Port is blocked by STP and is sending and receiving packets.
Alternating green-amber
Link fault. Error frames can affect connectivity, and errors such as excessive collisions, cyclic redundancy check (CRC) errors, and alignment and jabber errors are monitored for a link-fault indication.
SPEED LED
Off: Port is operating at 10 Mb/s.
Green: Port is operating at 100 Mb/s.
Blinking green: Port is operating at 1000 Mb/s.
RPS LED
Redundant Power System—only on switch models that support RPS.
MAST LED
Off: Switch is not the stack master.
Green: Switch is the stack master or a standalone switch.
Amber: An error occurred when the stack was electing the stack master switch,
or another type of stack error occurred.
STACK LED
Blinking green: Stack member number.
if you press the Mode button and select Stack, the port LED 1 blinks green.
The LEDs for port 2 and 3 are solid green, as these represent the member numbers of other stack members.
The other port LEDs are off because there are no more members in the stack.
If your switches are stacked and you press the Mode button on any switch, all the switches display the same selected mode.
For example, if you press the Mode button on the stack master to display SPEED, all the other stack members display SPEED.
* Up to eight switches can be members of a stack.
PoE LED
Port LED
Verifying Port Connectivity
After you connect the switch port and another device, the port LED turns amber while the switch establishes a link.
This process takes about 30 seconds, and then the LED turns green.
Login
# user sessions
show users
    Line       User       Host(s)              Idle       Location
*  1 vty 0     root       idle                 00:00:00 172.16.1.4

  Interface    User               Mode         Idle     Peer Address
# Set the enable password
enable password   # stored in cleartext (or as reversible "type 7" when service password-encryption is on); avoid
enable secret     # stored as a one-way hash; use this one. If both are configured, the secret takes precedence.
# levels of access
By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands:
- user EXEC mode (level 1)
- privileged EXEC mode (level 15)
Enable Telnet & Console
line con 0
 password ?????
 login            # enable password checking at login
line vty 0 4
 password ?????
 login
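Why the notes steer you from enable password (and from password 0 / password 7 on usernames and lines, as in the "Enable ssh" section) towards the secret forms: type 7 is not encryption, it is a fixed XOR that anyone can reverse. The script below is an added example, not part of the original notes; it implements the well-known type 7 scheme and then audits a constructed running-config excerpt for reversible credentials. The sample config, the placeholder hash and the function names are the example's own.

```python
import re

# Well-known constant XOR key that IOS uses for "type 7" (service password-encryption) strings.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Reverse a type 7 string: two decimal digits of key offset, then one hex pair per character."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("malformed type 7 string: %r" % encoded)
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")


def type7_encode(plain: str, offset: int = 6) -> str:
    """Produce the string IOS stores for `password 7`; offset is the two-digit seed (IOS picks 0-15)."""
    if not 0 <= offset <= 15:
        raise ValueError("offset must be between 0 and 15")
    data = plain.encode("ascii")
    enc = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return "%02d%s" % (offset, enc.hex().upper())


# The three reversible credential forms; 'enable secret' / 'username ... secret' do not match on purpose.
_WEAK_CRED = re.compile(
    r"^\s*(enable password|username \S+ password|password)\s+(?:([07])\s+)?(\S+)\s*$"
)


def audit_config(lines):
    """Return (line_no, directive, recovered_plaintext) for every reversible credential in a config."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = _WEAK_CRED.match(line)
        if not m:
            continue
        directive, ptype, value = m.groups()
        plaintext = type7_decode(value) if ptype == "7" else value
        findings.append((n, directive, plaintext))
    return findings


# Constructed running-config excerpt for the demo (not captured from a real switch; the hash is a placeholder).
SAMPLE_CONFIG = """\
hostname sw1
enable password 7 060506324F41
username admin password 0 admin123
username ops secret 5 $1$constructed$placeholderhashvalue
line vty 0 4
 password 7 094F471A1A0A
 login
""".splitlines()

if __name__ == "__main__":
    for n, directive, plain in audit_config(SAMPLE_CONFIG):
        print("line %d: '%s' is reversible, plaintext %r -> replace with the secret form" % (n, directive, plain))
```

Run it against a saved show running-config and every hit is a credential that a copy of the config file already leaks; the fix is enable secret and username ... secret, which store a one-way hash.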
Basic Config
Config hostname
# hostname XXXX
Flash contents and the IOS image stored in flash
# show flash
Directory of flash:/

    2  -rwx         616   Mar 1 1993 00:15:13 +00:00  vlan.dat
    3  -rwx        1973   Mar 1 1993 00:01:56 +00:00  config.text
    4  -rwx        1918   Mar 1 1993 00:01:56 +00:00  private-config.text
    5  -rwx        5144   Mar 1 1993 00:01:56 +00:00  multiple-fs
    6  drwx         192   Mar 1 1993 00:07:35 +00:00  c2960-lanbasek9-mz.122-55.SE5

32514048 bytes total (18994176 bytes free)
* The "Mar 1 1993" timestamps are the IOS default epoch: this switch's clock had never been set (see the clock and NTP sections).
# History
# show history
# Time
show clock
13:03:32.673 HKT Tue Oct 2 2018
# clock set hh:mm:ss day month year
i.e.
SW#clock set 17:14:00 06 Sep 2018
# clock timezone zone hours-offset
i.e.
SW(config)#clock timezone HKT 8
check
# show running-config | include timezone
clock timezone HKT 8 0
show mac-address-table
The heading command (show mac address-table on current IOS) lists the Layer 2 table of learned MAC addresses per port and VLAN; show arp, shown below, is the switch's own Layer 3 table of IP-to-MAC mappings.
# show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.4              0   d4ae.526e.f23f  ARPA   Vlan2
Internet  172.16.1.100            -   ccd5.393a.dcc1  ARPA   Vlan2
* show arp only contains hosts the switch itself has exchanged IP traffic with (ping etc.); an Age of "-" marks the switch's own SVI address.
Interface Status
show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES unset  up                    down
FastEthernet0          192.168.8.103   YES TFTP   up                    up
GigabitEthernet0/1     unassigned      YES unset  down                  down
...
DB-SW1#show ip interface
Vlan1 is up, line protocol is down
  Internet protocol processing disabled
FastEthernet0 is up, line protocol is up
  Internet address is 192.168.8.103/24
  Broadcast address is 255.255.255.255
  Address determined by configuration file
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
...
DB-SW1#show interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        notconnect   1            auto   auto 10/100/1000BaseTX
...
DB-SW1#show interfaces stats
Vlan1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor         27       4168         47       6916
             Route cache          0          0          0          0
                   Total         27       4168         47       6916
FastEthernet0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor      36107    7157807      15897    6127285
             Route cache          0          0          0          0
                   Total      36107    7157807      15897    6127285
GigabitEthernet0/1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0         90      13725
             Route cache          0          0          0          0
                   Total          0          0         90      13725
...
DB-SW1#show interfaces summary
 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface               IHQ   IQD   OHQ   OQD  RXBS  RXPS  TXBS  TXPS  TRTL
  ------------------------------------------------------------------------------
  Vlan1                     0     0     0     0     0     0     0     0     0
* FastEthernet0             0     0     0     0  1000     3  2000     2     0
  GigabitEthernet0/1        0     0     0     0     0     0     0     0     0
...
sh int <interface>   (e.g. s1/0, e0, f0/15)
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is ccd5.393a.dcc0 (bia ccd5.393a.dcc0)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:11, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4342677 packets input, 340375172 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
sh int trunk
sh ip traffic
IP statistics:
  Rcvd:  1475444 total, 303687 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         0 unknown protocol, 1171757 not a gateway
         0 security failures, 0 bad options, 13611 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 13611 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 301933 received, 3 sent
  Mcast: 0 received, 0 sent
  Sent:  1692 generated, 0 forwarded
  Drop:  2 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
         0 options denied, 0 source IP address zero

ICMP statistics:
TCP statistics:
Configure speed & duplex
Set fa0/5 to 100 Mb/s full duplex
Switch>enable
Switch#config term
Switch(config)#interface fa0/5
Switch(config-if)#speed 100
Switch(config-if)#duplex full
Switch(config-if)#description Web Server
Switch(config-if)#no shutdown
Explanation
speed auto       # speed {10 | 100 | 1000 | auto}
duplex auto      # duplex {auto | full | half}
bandwidth        # Set bandwidth informational parameter (used by routing protocols and QoS; it does not limit the port)
arp              # Set arp type (arpa, probe, snap) or timeout
delay            # Specify interface throughput delay
flowcontrol      # Configure flow operation
flowcontrol receive {desired | off | on}
* Hard-code speed and duplex on both ends or on neither: a port fixed to 100/full facing an autonegotiating peer makes that peer fall back to half duplex, and the resulting duplex mismatch shows up as late collisions and CRC errors.
Checking
show interface fa0/3 status
Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/3                        notconnect   1            full    100 10/100BaseTX
show interface gi0/1 status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        connected    trunk      a-full  a-100 10/100/1000BaseTX
(the "a-" prefix in a-full / a-100 means the value was autonegotiated rather than configured)
show interface Gig0/1 capabilities
GigabitEthernet0/1
  Model:                 WS-C2960-24TT-L
  Type:                  10/100/1000BaseTX
  Speed:                 10,100,1000,auto
  Duplex:                half,full,auto
  Trunk encap. type:     802.1Q
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(off,on,desired),tx-(none)
  Fast Start:            yes
  QoS scheduling:        rx-(not configurable on per port basis),
                         tx-(4q3t) (3t: Two configurable values and one fixed.)
  CoS rewrite:           yes
  ToS rewrite:           yes
  UDLD:                  yes
  Inline power:          no
  SPAN:                  source/destination
  PortSecure:            yes
  Dot1x:                 yes
Show current device utilization
sh process   # abbreviation of show processes; show processes cpu gives per-process CPU utilization
vlan
Show status
show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/13, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
2    VLAN0002                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/18, Gi0/1, Gi0/2
8    VLAN0008                         active    Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN status by VLAN id
show vlan id 2
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    VLAN0002                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/18, Gi0/1, Gi0/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
VLAN N IP Info.
DB-SW1#show ip interface vlan 1
Vlan1 is up, line protocol is down
  Internet protocol processing disabled
Port -> VLAN (Access Mode / Trunking Native Mode)
DB-SW1#show interfaces switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
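The two lines to read in the output above are "Administrative Mode: dynamic auto" and "Negotiation of Trunking: On": the port will negotiate a trunk (DTP) with whatever is plugged in, which is the setup VLAN-hopping attacks rely on. The script below is an added example, not from the original notes; it parses show interfaces switchport output and lists the ports that need switchport mode access / switchport nonegotiate or a non-default native VLAN. Gi0/1 in the sample is the page's own capture, Gi0/2 and Gi0/3 are constructed, and VLAN 999 is an assumed unused VLAN (the global vlan dot1q tag native is the alternative fix for the native-VLAN finding).

```python
import re

# Constructed `show interfaces switchport` output: Gi0/1 mirrors the page's capture, Gi0/2 and Gi0/3 are added.
SAMPLE_SHOW = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""


def parse_switchport(text):
    """Split the output into {interface: {field: value}}; each 'Name:' line starts a new interface."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue                      # e.g. "Capture Mode Disabled" carries no field separator
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def audit_switchport(ports):
    """Return (interface, problem, fix_commands) for ports exposed to DTP or native-VLAN abuse."""
    findings = []
    for name, f in sorted(ports.items()):
        if f.get("Switchport") != "Enabled":
            continue                      # routed port: DTP does not apply
        admin = f.get("Administrative Mode", "")
        negotiating = f.get("Negotiation of Trunking") == "On"
        native = re.match(r"\d+", f.get("Trunking Native Mode VLAN", ""))
        if admin.startswith("dynamic"):
            # DTP forms a trunk with whoever is plugged in. 'switchport nonegotiate' is refused
            # while the mode is dynamic, so the mode has to be pinned first.
            findings.append((name, "DTP enabled (%s): attacker can negotiate a trunk" % admin,
                             ["interface %s" % name, " switchport mode access", " switchport nonegotiate"]))
        elif negotiating:
            findings.append((name, "static %s port still sends DTP frames" % admin,
                             ["interface %s" % name, " switchport nonegotiate"]))
        if admin == "trunk" and native and native.group() == "1":
            # 999 is an assumed unused VLAN; pick one that carries no hosts in your network.
            findings.append((name, "trunk native VLAN is 1 (double-tagged frames reach VLAN 1 hosts)",
                             ["interface %s" % name, " switchport trunk native vlan 999"]))
    return findings


if __name__ == "__main__":
    for name, problem, fix in audit_switchport(parse_switchport(SAMPLE_SHOW)):
        print("%s: %s\n  %s" % (name, problem, "\n  ".join(fix)))
```

Paste the real show interfaces switchport output in place of SAMPLE_SHOW; the Gi0/3 entry shows what a correctly pinned host port looks like (static access, negotiation Off) and produces no finding.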
Creates/Delete a VLAN
# To create a VLAN or a range of VLANs.
# If you enter a number that is already assigned to a VLAN,
# the switch puts you into the VLAN configuration submode for that VLAN.
vlan { vlan-id | vlan-range }
# To delete a VLAN
no vlan { vlan-id | vlan-range }
no vlan 2 deletes VLAN 2 from the VLAN database.
If you want to delete the VLAN2 SVI, you need to type no interface vlan2.
# vlan-name
# up to 32 alphanumeric characters. The default value is VLANxxxx
# where xxxx represent four numeric digits
switch(config-vlan)# name vlan-name
# default value is no shutdown
switch(config-vlan)# no shutdown
Configure an interface to join vlan
i.e. GigabitEthernet0/13 join vlan 2
switch(config)# interface GigabitEthernet0/13
# switchport mode { access | trunk | dynamic }
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 2
* The VLAN must exist & "no shutdown" before you can specify that VLAN as an access VLAN
access / host / trunk Ports
access port
An access port transmits packets on only one, untagged VLAN.
You specify which VLAN traffic that the interface carries.
If you do not specify a VLAN for an access port,
the interface carries traffic only on the default VLAN.
The default VLAN is VLAN1.
switch(config)# interface ethernet 1/10
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 5
host Ports
An access host port handles the Spanning Tree Protocol (STP) like an edge port and
immediately moves to the forwarding state without passing through the blocking and learning states.
Configuring an interface as an access host port also disables port channeling on that interface.
switch(config)# interface ethernet 2/1
switch(config-if)# switchport host
trunk Ports
A trunk port transmits untagged packets for the native VLAN plus encapsulated, tagged, packets for multiple VLANs.
switch(config-if)# switchport mode trunk
native vlan
If you do not configure this parameter,
the trunk port uses the default VLAN as the native VLAN ID.
switch(config-if)# switchport trunk native vlan 8
Smartports
The Smartports feature is a set of Cisco-recommended configurations for the switch ports.
These configurations (referred to as port roles) optimize the switch connections and
ensure security and transmission quality for traffic from the switch ports.
- Desktop port role
It is specifically for switch ports to be connected to desktop and laptop PCs.
Configuration
DB-SW1(config-if-range)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
Resetting the Switch
To reset the switch:
Press and hold the Mode button. The switch LEDs begin blinking after about 3 seconds.
Continue holding down the Mode button.
The LEDs stop blinking after 7 more seconds, and then the switch reboots.
The switch now operates like an unconfigured switch.
Configure multiple ports in switches running IOS
DB-SW1(config)#interface range gi0/13-26
DB-SW1(config-if-range)#
NTP
Configure the NTP server (a hostname here needs ip name-server to resolve; see "Set IP & Gateway & DNS")
ntp server time.google.com
Verify that synchronization succeeded
show ntp status
Clock is synchronized, stratum 2, reference is 216.239.35.12
nominal freq is 286.1023 Hz, actual freq is 286.0972 Hz, precision is 2**20
ntp uptime is 598600 (1/100 of seconds), resolution is 3496
reference time is DF55AAC3.5EB26CD8 (14:50:43.369 HKT Wed Sep 26 2018)
clock offset is 1.3302 msec, root delay is 15.07 msec
root dispersion is 11.73 msec, peer dispersion is 0.12 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000017815 s/s
system poll interval is 512, last update was 605 sec ago.
show ntp associations
  address         ref clock       st   when   poll reach  delay  offset   disp
*~216.239.35.12   .GOOG.           1      1    512   377 15.208   1.168  0.111
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
* reach is an octal 8-bit shift register of the last eight polls; 377 means all eight were answered.
Loss of synchronization happens when IOS decides it can no longer trust the server: every reply goes through the protocol's sanity checks (stratum, root delay and dispersion limits, the peer's own synchronization state), and a server that fails them is rejected even though it answers.
NTP offers no way to turn that validation off; only SNTP (Simple Network Time Protocol) skips it,
and SNTP is not much of an alternative because few IOS images support it.
* Unauthenticated NTP from the Internet can be spoofed to shift the clock (and with it log timestamps and certificate validity); where the server supports it, configure ntp authenticate, ntp authentication-key and ntp trusted-key and reference the key on the ntp server line.
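A monitoring check that reads the two outputs above the way an operator does: synchronized or not, stratum, offset, and for each association whether the reach register shows missed polls and whether a sys.peer was elected. The script is an added example, not from the original notes; the status and first association line are the page's own captures, the second association (.INIT., reach 0) is constructed to show an unreachable server, and the stratum and offset thresholds are assumptions.

```python
import re

# Output captured on the page, used as sample input.
PAGE_NTP_STATUS = """\
Clock is synchronized, stratum 2, reference is 216.239.35.12
nominal freq is 286.1023 Hz, actual freq is 286.0972 Hz, precision is 2**20
ntp uptime is 598600 (1/100 of seconds), resolution is 3496
reference time is DF55AAC3.5EB26CD8 (14:50:43.369 HKT Wed Sep 26 2018)
clock offset is 1.3302 msec, root delay is 15.07 msec
root dispersion is 11.73 msec, peer dispersion is 0.12 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000017815 s/s
system poll interval is 512, last update was 605 sec ago.
"""

# First association is the page's; the second (.INIT., reach 0) is constructed to show an unreachable server.
PAGE_NTP_ASSOC = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~216.239.35.12   .GOOG.           1      1    512   377 15.208   1.168  0.111
 ~10.0.0.5        .INIT.          16      -     64     0  0.000   0.000 16000.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""

# One association row: optional status flag, optional '~' (configured), then the nine columns.
_ASSOC = re.compile(
    r"^(?P<flag>[*#+x\- ])?(?P<cfg>~?)(?P<addr>[\w.:]+)\s+(?P<ref>\S+)\s+(?P<st>\d+)\s+(?P<when>\S+)"
    r"\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+(?P<delay>[\d.]+)\s+(?P<offset>-?[\d.]+)\s+(?P<disp>[\d.]+)"
)


def parse_associations(text):
    """Return one dict per association row of `show ntp associations` (header and legend are skipped)."""
    peers = []
    for line in text.splitlines():
        m = _ASSOC.match(line)
        if not m:
            continue
        reach = int(m.group("reach"), 8)          # octal shift register of the last eight polls
        peers.append({
            "addr": m.group("addr"),
            "sys_peer": m.group("flag") == "*",
            "stratum": int(m.group("st")),
            "reach": reach,
            "polls_answered": bin(reach).count("1"),
            "offset_ms": float(m.group("offset")),
        })
    return peers


def check_ntp(status_text, assoc_text, max_stratum=4, max_offset_ms=100.0):
    """Summarise sync health from `show ntp status` + `show ntp associations`; 'problems' is empty when healthy."""
    sync = re.search(r"Clock is (synchronized|unsynchronized)(?:, stratum (\d+), reference is (\S+))?", status_text)
    offset = re.search(r"clock offset is (-?[\d.]+) msec", status_text)
    result = {
        "synchronized": bool(sync) and sync.group(1) == "synchronized",
        "stratum": int(sync.group(2)) if sync and sync.group(2) else None,
        "reference": sync.group(3) if sync else None,
        "offset_ms": float(offset.group(1)) if offset else None,
        "peers": parse_associations(assoc_text),
        "problems": [],
    }
    if not result["synchronized"]:
        result["problems"].append("clock is not synchronized")
    elif result["stratum"] > max_stratum:
        result["problems"].append("stratum %d is worse than %d" % (result["stratum"], max_stratum))
    if result["offset_ms"] is not None and abs(result["offset_ms"]) > max_offset_ms:
        result["problems"].append("offset %.1f ms exceeds %.1f ms" % (result["offset_ms"], max_offset_ms))
    for p in result["peers"]:
        if p["reach"] != 0o377:
            result["problems"].append("%s answered %d of the last 8 polls (reach %o)"
                                      % (p["addr"], p["polls_answered"], p["reach"]))
    if not any(p["sys_peer"] for p in result["peers"]):
        result["problems"].append("no sys.peer selected")
    return result


if __name__ == "__main__":
    r = check_ntp(PAGE_NTP_STATUS, PAGE_NTP_ASSOC)
    print("synchronized=%s stratum=%s reference=%s" % (r["synchronized"], r["stratum"], r["reference"]))
    for problem in r["problems"]:
        print("PROBLEM:", problem)
```

With the page's own output the only finding is the constructed 10.0.0.5 peer, which has never answered; a real second server that shows reach 0 for long is either unreachable or being rejected by the validation described above.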
Web UI
ip http server
Enables monitoring and configuration of the device through the Cisco web browser UI, over plaintext HTTP.
ip http secure-server
Enables the HTTPS server.
* Leave the web UI off (no ip http server) unless it is actually used; if it is, enable only ip http secure-server and restrict the allowed sources with ip http access-class. Every extra listener on the management address is extra attack surface.
spanning-tree
APPS-SW1#show spanning-tree summary
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
Total                         0         0        0          0          0
PortFast BPDU Guard
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port.
When you enable BPDU guard on the switch,
spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state.
PortFast BPDU Filtering
It allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system.
By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled.
BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.
* Guard is the safe choice for host ports: a rogue switch plugged into one gets the port errdisabled. The global filtering default described here is mild (a port that receives a BPDU loses its PortFast status and runs normal STP), but the per-interface spanning-tree bpdufilter enable ignores received BPDUs entirely and can let a loop form.
# Enable/Disable BPDU guard on an individual port
set spantree portfast bpdu-guard mod/port [disable | enable | default]
# (the set spantree form is CatOS; on IOS the per-port command is spanning-tree bpduguard enable,
#  and spanning-tree portfast bpduguard default turns it on for every PortFast port)
portfast
Lets an access or trunk port enter the spanning tree forwarding state immediately, bypassing the listening and learning states.
spanning-tree portfast
OR
spanning-tree portfast trunk
* Only on ports that face end hosts. A PortFast port cabled to another switch forwards before STP has converged, which is exactly the transient loop STP exists to prevent.
Other
RSTP: Rapid Spanning Tree Protocol
RSTP responds to changes within the timeframe of three hello BPDUs (bridge protocol data units), or 6 seconds.
PVST: Per-VLAN Spanning Tree (Cisco proprietary)
Enable ssh
# aaa new-model enables the AAA model; with no method list configured, vty logins then authenticate against the local username database
aaa new-model
#
# 0 Specifies an UNENCRYPTED password will follow
# 7 Specifies a HIDDEN password will follow (reversible type 7 obfuscation, not encryption)
# WORD The UNENCRYPTED (cleartext) user password
#
username cisco password 0 cisco
# (prefer the secret form of the username command, which stores a one-way hash instead of cleartext or type 7)
# Configure the hostname
hostname sw1
# Configure the DNS domain of the router
ip domain-name local
# Configure the telnet / ssh (vty) lines
line vty 0 4
# Configure login
# Enable password checking
(config-line)#login local
# Define which protocols to use when connecting to the terminal
# all All protocols
# none No protocols
# ssh TCP/IP SSH protocol
# telnet TCP/IP Telnet protocol
# Prevent non-SSH Telnets: "transport input ssh"
(config-line)#transport input all
# Generating an RSA key pair for the switch automatically enables SSH (hostname and ip domain-name must already be set, as above; the key is named after them)
crypto key generate rsa modulus 2048
# Configuring the SSH Server
ip ssh version 2
ip ssh dh min size 2048
# ip ssh time-out seconds
# ip ssh authentication-retries number
# show
show ssh
Connection Version Mode Encryption  Hmac         State                 Username
2          2.0     IN   aes256-ctr  hmac-sha1    Session started       root
2          2.0     OUT  aes256-ctr  hmac-sha1    Session started       root
%No SSHv1 server connections running.
show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
* The server still offers the CBC ciphers, 3DES and the truncated hmac-sha1-96; on IOS releases that have ip ssh server algorithm encryption and ip ssh server algorithm mac, restrict the lists to the CTR ciphers and the strongest MAC the image provides.
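An audit of the show ip ssh output above: which offered algorithms are weak, and the IOS commands that would pin the server to the strong subset it already supports. The script is an added example, not from the original notes; its input is the page's own capture, the "weak" classification (CBC modes, 3DES/DES, RC4, truncated or MD5 MACs) is the example's policy, and the ip ssh server algorithm commands it prints are an assumption about the running image, since older IOS releases lack them.

```python
import re

# `show ip ssh` output as captured on the page, used as sample input.
PAGE_SHOW_IP_SSH = """\
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
"""


def parse_show_ip_ssh(text):
    """Pull the enabled flag, protocol version and offered algorithm lists out of `show ip ssh`."""
    info = {"enabled": False, "version": None, "ciphers": [], "macs": []}
    for line in text.splitlines():
        m = re.match(r"SSH (Enabled|Disabled) - version ([\d.]+)", line)
        if m:
            info["enabled"] = m.group(1) == "Enabled"
            info["version"] = m.group(2)
        elif line.startswith("Encryption Algorithms:"):
            info["ciphers"] = line.split(":", 1)[1].split(",")
        elif line.startswith("MAC Algorithms:"):
            info["macs"] = line.split(":", 1)[1].split(",")
    return info


def cipher_is_weak(name):
    # CBC mode (plaintext-recovery attacks), 3DES/DES and RC4 are the ones to drop.
    return name.endswith("-cbc") or name.startswith(("3des", "des", "arcfour", "rc4"))


def _key_bits(name):
    m = re.search(r"\d+", name)
    return int(m.group()) if m else 0


def audit_ssh(text):
    """Return (findings, commands): what is wrong and the IOS lines that pin the server to its strong subset."""
    info = parse_show_ip_ssh(text)
    findings, commands = [], []
    if not info["enabled"]:
        findings.append("SSH is not running: set hostname and ip domain-name, then crypto key generate rsa")
        return findings, commands
    if info["version"] != "2.0":
        # "1.99" means the server still accepts SSHv1 clients.
        findings.append("protocol version %s negotiable: force v2 with 'ip ssh version 2'" % info["version"])
        commands.append("ip ssh version 2")
    weak = [c for c in info["ciphers"] if cipher_is_weak(c)]
    strong = [c for c in info["ciphers"] if not cipher_is_weak(c)]
    strong.sort(key=_key_bits, reverse=True)      # IOS offers ciphers in configured order: largest key first
    if weak:
        findings.append("weak ciphers offered: %s" % ",".join(weak))
        commands.append("ip ssh server algorithm encryption %s" % " ".join(strong))
    sha2 = [m for m in info["macs"] if m.startswith("hmac-sha2")]
    truncated = [m for m in info["macs"] if m.endswith("-96") or "md5" in m]
    if sha2:
        keep = sha2
    elif "hmac-sha1" in info["macs"]:
        keep = ["hmac-sha1"]
        findings.append("no SHA-2 MAC on this image: hmac-sha1 is the best available, plan an IOS upgrade")
    else:
        keep = []
    if truncated and keep:
        findings.append("weak MACs offered: %s" % ",".join(truncated))
        commands.append("ip ssh server algorithm mac %s" % " ".join(keep))
    return findings, commands


if __name__ == "__main__":
    findings, commands = audit_ssh(PAGE_SHOW_IP_SSH)
    print("\n".join(findings))
    print("\n".join(commands))
```

For the page's capture the result is two findings (CBC/3DES ciphers, hmac-sha1-96) and two commands; the script keeps hmac-sha1 only because nothing better is offered, which is a reason to upgrade the image rather than a clean bill of health.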
ssh client
- -c <cipher list> Specify preferred ciphers ('-c help' to list options)
- -m <MAC list> Specify preferred MACs for packet verification (or '-m help')
Disable Telnet
# Restricting vty 0 4 alone is not enough: the 2960X has sixteen vty lines (0-15), and when lines 0-4 reject Telnet the connection is simply accepted on lines 5-15.
line vty 0 15
(config-line)#transport input ssh